Security Spot

Indefinite Disabled User Detection

What's worse than the walking dead in real life? Zombie user accounts that suddenly have activity and intend to do harm to your organization. Not to worry! Cleaning up disabled accounts can be quite simple.

Using LogRhythm as a File Integrity Monitoring Honeypot

Suppose you wanted to find threat actors lurking on your network—probably a good idea, right? To do this, you need to devise a way to be notified of strange activity. The steps in this post will further assist you in detecting malicious users who are already on your network by leveraging a honeypot.

Using Deep Packet Analytics to Detect Personally Identifiable Information

Often, the key indicators of compromised PII aren’t available in traditional log or audit data. So just how can organizations actively monitor for potentially exposed or leaked PII? In this example, I’ll cover how the Deep Packet Analytics feature in LogRhythm’s Network Monitor can do just this—detecting and alerting on exposed or leaked PII by looking at network traffic.

WebConsole Cyber Kill Chain

Tough times call for tough measures. What better way to visualize those measures than through the Cyber Kill Chain? The Cyber Kill Chain is a model developed by Lockheed Martin that gives insight into which stage of the attack cycle a cybercriminal has reached. Its stages are Reconnaissance, Weaponization, Delivery, Exploitation, Installation, Command and Control, and Actions on Objectives.

SMS Alerting Via SmartResponse

Security analysts can't always dedicate their time to monitoring the security operations center (SOC), and for various reasons they don't always check the alerts they receive via email. Some alerts are also simply more important than others: important enough that you want to know about them right away and be notified in the most effective way possible, even when you are out of the office and disconnected from email.

LogRhythm Threat Intelligence Services (TIS): STIX via TAXII

Here at LogRhythm, we are excited to announce an updated release of our Threat Intelligence Services (TIS). If you're not familiar with TIS, it is an easy-to-use utility that enables LogRhythm customers to rapidly add and configure a wide array of commercial or open-source threat feeds. The new release of TIS (1.5) adds support for Structured Threat Information eXpression (STIX) threat data delivered via Trusted Automated Exchange of Indicator Information (TAXII). But before I cover the details of what STIX and TAXII are, let's cover the why.

Palo Alto Networks Ignite 2016

LogRhythm was a proud sponsor at the recent Palo Alto Networks Ignite 2016 conference in Las Vegas. It was a fantastic three-day event where we not only met many existing customers and technology partners, but also demonstrated our powerful integrations between LogRhythm's Security Intelligence Platform and Palo Alto Networks' firewall. For those who weren't able to make it to the event, we wanted to share some of these integrations.

The State of Ransomware: How to Prepare for an Attack

Ransomware is currently one of the most widespread and most highly publicized threats on the Internet. Over the last few years, we've seen a marked increase in the use of ransomware tools such as CryptoLocker, CryptoWall, TeslaCrypt and, more recently, Locky. Security experts predict 2016 will follow this trend as more cybercriminals add ransomware-as-a-service offerings to their list of nefarious wares.